Cyware Daily Threat Intelligence

Daily Threat Briefing • Apr 9, 2018
Top Malware Reported in the Last 24 Hours
Fake WhatsApp Plus
Hackers are circulating a fake WhatsApp app, dubbed WhatsApp Plus, on the web. This malicious app is a variant of Android/PUP.Riskware.Wtaspin.GB, a fake WhatsApp riskware. The app is capable of stealing sensitive information from the infected smartphone and of installing malware. The app's APK file is being circulated online via comments on blogs and forums.
NetSupport Manager RAT
Compromised websites are being leveraged to spread the NetSupport Manager remote access tool (RAT) in the form of fake updates masquerading as Adobe Flash, Chrome, and Firefox updates. The fake update is a malicious JavaScript payload that sends basic system information (such as architecture, computer name, username, processors, OS, domain, manufacturer, model, MAC address, keyboard, pointing device, display controller configuration, and more) to the server.
LockCrypt ransomware cracked
Security researchers have identified a weakness in the encryption used by the LockCrypt ransomware. The malware is installed manually after the attackers gain access through RDP brute-force attacks. Because the hackers reused the buffer, their algorithm became vulnerable to a plaintext attack.
Top Vulnerabilities Reported in the Last 24 Hours
XSS Flaw found in IBM WebSphere Portal
A cross-site scripting (XSS) flaw, tracked as CVE-2018-1483, has been discovered in IBM WebSphere Portal. The flaw allows hackers to embed arbitrary JavaScript code in the web UI, altering the intended functionality and leading to the disclosure of credentials. The flaw has already been fixed.
Authentication bypass flaw in Auth0 Identity platform
An authentication bypass vulnerability has been discovered in the identity-as-a-service platform Auth0. Exploiting this flaw would allow hackers to access any portal or application that uses the Auth0 service for authentication. The vulnerability has been mitigated, as the affected libraries have been extensively rewritten. New versions of the SDKs have also been released.
Vulnerability in Linux Beep Command
A local privilege escalation vulnerability has been discovered in beep, an advanced PC speaker beeper. Beep allows the calling user to trigger those side effects even if they are not authorized to do so. Users needn't worry, as this tool doesn't exist in most modern-day processors.